Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

Sophos announced on Oct. 9 that it is adding advanced endpoint detection and response features to its Intercept X security platform.

Intercept X Advanced with EDR benefits from deep learning artificial intelligence capabilities that help organizations with threat hunting and advanced malware detection. The new feature also benefits from an integration with SophosLabs threat intelligence to help understand threats and what actions should be taken to remediate them.

"With Intercept X, we've had a lot of success on the protection side," Dan Schiappa, senior vice president and general manager at Sophos, told eWEEK. "What we found from a lot of customers is that they were still looking to add an EDR product."

Further reading

Sophos originally launched Intercept X in September 2016 as an advanced endpoint protection technology that can block malware threats, including ransomware. EDR technology is a category of cyber-security functionality that goes beyond protection, with data monitoring, analysis and threat hunting features.

Schiappa said the EDR capability is an optional module for the core Intercept X platform that is being made available to customers as additional licensed add-on. The EDR module benefits from artificial intelligence that Schiappa said makes the technology more intuitive for users. Intercept X Advanced with EDR also provides a data feed from SophosLabs that gives organizations additional context around malware.

"We now create a visualization so you can see a file, how it's been measured, and compare that visualization to other files that were convicted and other files that were declared as benign," he said. "This helps analysts very easily look at a file that is labeled suspicious that may have never seen before and helps guide them to a decision."

Invincea

Some of the EDR module's AI capabilities come from Invincea, which is a company that Sophos acquired for $120 million in February 2017. Schiappa said Sophos has absorbed and integrated the former Invincea technologies into multiple products across the Sophos portfolio.

"What we got from Invincea was primarily the deep learning neural networking capability for malware conviction," he said. "We do apply a portion of that AI piece in the EDR, but otherwise this is a completely organic product."

EDR can often be used in Security Operations Centers (SOC) as an integrated component of a threat hunting operation that include Security Information and Event Management (SIEM), IT Service Management (ITSM) and trouble ticketing activities. Schiappa said that in the initial release of Intercept X Advanced with EDR there are some connection points to SOC operations, with the plan being to have a deeper integration in future releases.

Intercept X

The core Intercept X technology has evolved since it was first released in 2016.

Schiappa explained that the way Intercept X works is that it does not scan for malware; rather, it looks for the specific techniques that hackers use to exploit any type of vulnerability. He added that Intercept X has continuously added new techniques into the detection engine to help detect new types of attacks. For example, Schiappa said Intercept X has a Master Boot Record (MBR) protection capability, which could help to block attacks like the NotPetya ransomware attack.

"We're trying to stay out front of hacker techniques, and so we can continue to add them to Intercept X," Schiappa said. "Then, of course, we just always evolve. We developed a new AI model that is getting smarter and smarter all the time."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.